Redundancy 1.1.2 vs. 1.3
Closed this issue · 2 comments
Suggestion to move / combine
1.1.2 A documented procedure that makes Software Staff aware of the existence of the Open Source policy (e.g., via training, internal wiki, or other practical communication method).
to / with
1.3 Awareness
The organization shall ensure that Program participants are aware of:
a) The Open Source policy;
Clarification:
This refers to Section 3.1.1.2 and Section 3.1.3
Section 3.1.1.2 and Section 3.1.3 further discussed on Monthly Call 2022-11-15 as we opened new editing cycle for Gen 3 License Compliance Specification.
There was a proposed change:
Merge the verification material requirement from 3.1.1.2 for "a documented procedure that makes Software Staff aware of the existence of the Open Source policy (e.g., via training, internal wiki, or other practical communication method)" into the content of Section 3.1.3, awareness.
The parties on the call discussed the suggestion and came to the following conclusions:
(1) Section 3.1.1.2 is a verification material related to 3.1.1, requirements around having and communicating an open source policy to relevant company personnel. Meanwhile, Section 3.1.3 is asking for awareness across the program of things (including the policy) but its verification material does not duplicate the specific policy requirements.
(2) The discussion concluded that (a) the 3.1.1 Policy Section had internally consistent logic and (b) the 3.1.3 Awareness Section continued from this area but does not duplicate it. While the reference in 3.1.3 to policy (but not duplication of verification material requirements) may not be super elegant, the logic and workflow of the specification and its requirements is consistent from 3.1.1 to 3.1.3.
(3) For this reason, no action will be taken at this time, but naturally this issue can be reopened if there is disagreement.